[{"data":1,"prerenderedAt":215},["ShallowReactive",2],{"ressources-en-10-essential-anssi-indicators":3},{"id":4,"title":5,"author":6,"body":7,"category":202,"challenges":203,"counterpart":204,"date":205,"description":206,"draft":207,"extension":208,"gated":207,"gatedAsset":203,"gatedDownloadUrl":203,"image":203,"meta":209,"navigation":210,"path":211,"results":203,"seo":212,"solutions":203,"stem":213,"testimonialAuthor":203,"testimonialPhoto":203,"testimonialQuote":203,"testimonialRole":203,"__hash__":214},"blogEn\u002Fresources\u002F10-essential-anssi-indicators.md","The 10 Essential ANSSI Indicators for Managing Your Cybersecurity","OverView Team",{"type":8,"value":9,"toc":190},"minimark",[10,15,19,27,30,34,39,45,51,57,63,67,73,79,85,89,95,101,107,109,113,120,123,175,181],[11,12,14],"h2",{"id":13},"why-10-indicators-are-enough","Why 10 Indicators Are Enough",[16,17,18],"p",{},"The ANSSI IT hygiene guide and CIS Controls v8 contain dozens of recommendations. But in practice, 80% of an organization's security posture can be measured with a handful of well-chosen KPIs.",[16,20,21,22,26],{},"These 10 indicators represent the ",[23,24,25],"strong",{},"essential baseline"," — the ones every CISO, CIO, or managed service provider should be able to check at any time, without manual consolidation. They cover three pillars: endpoint protection, identity management, and response capability.",[28,29],"hr",{},[11,31,33],{"id":32},"the-10-indicators","The 10 Indicators",[35,36,38],"h3",{"id":37},"endpoint-protection","Endpoint Protection",[16,40,41,44],{},[23,42,43],{},"1. Active EDR Coverage"," — Target: 100%\nPercentage of devices with an active, functioning endpoint protection (EDR\u002Fantivirus). A single uncovered device is enough to create a breach. It's the first indicator any auditor checks.",[16,46,47,50],{},[23,48,49],{},"2. System Patch Rate"," — Target: 95%\nPercentage of devices with the latest security patches applied (under 30 days). Known unpatched vulnerabilities remain the #1 attack vector.",[16,52,53,56],{},[23,54,55],{},"3. Backup Success Rate"," — Target: 100%\nPercentage of backups completed successfully over the last 7 days. In case of ransomware, this is the difference between 4 hours and 4 weeks of downtime.",[16,58,59,62],{},[23,60,61],{},"4. Unpatched Critical Vulnerabilities"," — Target: 0 beyond 30 days\nNumber of critical vulnerabilities (CVSS ≥ 9) or KEVs unpatched for more than 30 days. Beyond this threshold, the risk of active exploitation is real.",[35,64,66],{"id":65},"identity-management","Identity Management",[16,68,69,72],{},[23,70,71],{},"5. MFA Adoption"," — Target: 100%\nPercentage of users protected by multi-factor authentication. Without MFA, a compromised password gives direct access to the IT environment.",[16,74,75,78],{},[23,76,77],{},"6. Excessive Privilege Accounts"," — Target: 0\nNumber of accounts with unjustified admin rights or not reviewed in the past 90 days. Every unnecessary admin account is an attack surface.",[16,80,81,84],{},[23,82,83],{},"7. Security Policy Compliance"," — Target: > 90%\nPercentage of devices and accounts compliant with defined policies (MDM, GPO, conditional access). Measures day-to-day operational discipline.",[35,86,88],{"id":87},"response-capability","Response Capability",[16,90,91,94],{},[23,92,93],{},"8. Phishing Click Rate"," — To be measured\nPercentage of employees who clicked on phishing test emails. Shows the real awareness level — measured, not self-reported.",[16,96,97,100],{},[23,98,99],{},"9. Mean Time to Remediation"," — Target: 7 to 30 days\nTime between detecting a non-compliance and resolving it. A maturity indicator: it measures the ability to act, not just detect.",[16,102,103,106],{},[23,104,105],{},"10. Mean Time to Detection"," — Target: \u003C 48 hours\nTime elapsed between a suspicious activity and its detection. The shorter this delay, the more limited the impact.",[28,108],{},[11,110,112],{"id":111},"from-theory-to-practice","From Theory to Practice",[16,114,115,116,119],{},"The challenge isn't defining these 10 indicators — it's ",[23,117,118],{},"calculating them continuously, from real data",". Today, most organizations produce them manually in Excel, once a month. The result is partial, self-reported, and outdated the moment it's published.",[16,121,122],{},"OverView connects to your existing tools (AD, EDR, CMDB, MDM, vulnerability scanner) and calculates these 10 KPIs automatically. No heavy technical integration — data is collected directly from your solutions in place.",[124,125,126,139],"table",{},[127,128,129],"thead",{},[130,131,132,136],"tr",{},[133,134,135],"th",{},"Manual approach",[133,137,138],{},"With OverView",[140,141,142,151,159,167],"tbody",{},[130,143,144,148],{},[145,146,147],"td",{},"Excel consolidation, 2 days\u002Fmonth",[145,149,150],{},"Automatic, continuous calculation",[130,152,153,156],{},[145,154,155],{},"Self-reported, partial data",[145,157,158],{},"KPIs based on real data",[130,160,161,164],{},[145,162,163],{},"5 to 15 tools checked separately",[145,165,166],{},"Unified view in a single dashboard",[130,168,169,172],{},[145,170,171],{},"No cross-referencing between sources",[145,173,174],{},"Automatic correlations across tools",[176,177,178],"blockquote",{},[16,179,180],{},"\"We used to spend two days a month producing an approximate dashboard. Now, the 10 indicators are there, up to date, and we know exactly where to act.\"",[16,182,183,184,189],{},"To go further, check out our complete guide on the ",[185,186,188],"a",{"href":187},"\u002Fen\u002Fresources\u002F20-key-cyber-compliance-indicators","20 key compliance indicators"," which adds cross-tool correlations — where the real risks hide.",{"title":191,"searchDepth":192,"depth":192,"links":193},"",2,[194,195,201],{"id":13,"depth":192,"text":14},{"id":32,"depth":192,"text":33,"children":196},[197,199,200],{"id":37,"depth":198,"text":38},3,{"id":65,"depth":198,"text":66},{"id":87,"depth":198,"text":88},{"id":111,"depth":192,"text":112},"Guide",null,"10-indicateurs-anssi-essentiels","2026-03-10","The 10 KPIs from the ANSSI hygiene guide and CIS Controls that every organization should track. Target objectives and calculation methods.",false,"md",{},true,"\u002Fresources\u002F10-essential-anssi-indicators",{"title":5,"description":206},"resources\u002F10-essential-anssi-indicators","VoMi0wmlCc_ixy58N7R5O-9DczycBSDzmkWeABosrk8",1783099163985]